public interface SecurityManager extends Authenticator, Authorizer, SessionManager
SecurityManagerexecutes all security operations for all Subjects (aka users) across a single application. The interface itself primarily exists as a convenience - it extends the
SessionManagerinterfaces, thereby consolidating these behaviors into a single point of reference. For most Shiro usages, this simplifies configuration and tends to be a more convenient approach than referencing
SessionManagerinstances separately; instead one only needs to interact with a single
SecurityManagerinstance. In addition to the above three interfaces, this interface provides a number of methods supporting
Subjectexecutes authentication, authorization, and session operations for a single user, and as such can only be managed by
A SecurityManagerwhich is aware of all three functions. The three parent interfaces on the other hand do not 'know' about
Subjects to ensure a clean separation of concerns. Usage Note: In actuality the large majority of application programmers won't interact with a SecurityManager very often, if at all. Most application programmers only care about security operations for the currently executing user, usually attained by calling
SecurityUtils.getSubject(). Framework developers on the other hand might find working with an actual SecurityManager useful.
|Modifier and Type||Method and Description|
Logs in the specified Subject using the given
Logs out the specified Subject from the system.
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll
Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException
authenticationToken, returning an updated Subject instance reflecting the authenticated state if successful or throwing
AuthenticationExceptionif it is not. Note that most application developers should probably not call this method directly unless they have a good reason for doing so. The preferred way to log in a Subject is to call
subject.(usually after acquiring the Subject by calling
SecurityUtils.getSubject()). Framework developers on the other hand might find calling this method directly useful in certain cases.
subject- the subject against which the authentication attempt will occur
authenticationToken- the token representing the Subject's principal(s) and credential(s)
AuthenticationException- if the login attempt failed.
, not the
SecurityManagerdirectly. Framework developers on the other hand might find calling this method directly useful in certain cases.
subject- the subject to log out.
Subject createSubject(SubjectContext context)
Subjectinstance reflecting the specified contextual data. The context can be anything needed by this
SecurityManagerto construct a
Subjectinstance. Most Shiro end-users will never call this method - it exists primarily for framework development and to support any underlying custom
SubjectFactoryimplementations that may be used by the
Subjectinstances have local scope only and any other further use beyond the calling method must be managed explicitly.
context- any data needed to direct how the Subject should be constructed.
Subjectinstance reflecting the specified initialization data.
Copyright © 2004–2017 The Apache Software Foundation. All rights reserved.